Mail Bomb and Access Control List Question

We're having a problem with accounts being compromised and sending(spamming) through our GWIA. We are thinking about enabling mail bomb protection, but we had a question about this. If we enable mail bomb protection but then add our ISP's relay servers the "white list" under Access Control Lists, will the ACL white list be honored over the mail bomb protection setting? i.e. Will our ISP relay servers always be allowed?

Tags:

  • In article <blewis12.5zyqw0@no-mx.forums.novell.com>, Blewis12 wrote:
    > We're having a problem with accounts being compromised and
    > sending(spamming) through our GWIA. We are thinking about enabling mail
    > bomb protection, but we had a question about this. If we enable mail
    > bomb protection but then add our ISP's relay servers the "white list"
    > under Access Control Lists, will the ACL white list be honored over the
    > mail bomb protection setting? i.e. Will our ISP relay servers always be
    > allowed?


    There's a lot in there. This might take a could runs through.
    I am assuming all inbound controls for this discussion.

    1) Have you been able to figure out what vector these compromises are
    happening? This needs to be figured out no matter what else we do to have
    the mail flow properly. I'm assuming you are making sure your users are
    following good password practices.

    2) Is all your inbound mail routed through your ISP? If so TID 3959034
    will help make sure your ACLs prevent leakage around them if your users
    aren't sending mail from outside without a native GroupWise client
    http://www.novell.com/support/kb/doc.php?id=3959034
    2a) I hope your ISP is doing at least some spam filtering.

    3)I don't know the direct answer to your question for sure, but over the
    years I've had several clients with external antispam as the single source
    of inbound mail as well as the mail bomb protection on (usually at 42 over
    10 or 15 seconds), and there's never been a problem.

    4) If I'm reading the documentation correctly, mailbomb protection will
    NOT help for authenticated SMTP connections.



    Andy Konecny
    Knowledge Partner (voluntary SysOp)
    KonecnyConsulting.ca in Toronto
    ----------------------------------------------------------------------
    Andy's Profile: http://forums.novell.com/member.php?userid=75037


  • Is there a way to have the GWIA Limit the number of emails and authenticated user can send through the GWIA from there smart phone?
  • blewis12 wrote:

    > If we enable mail bomb protection but then add our ISP's relay servers the
    > "white list" under Access Control Lists, will the ACL white list be honored
    > over the mail bomb protection setting? i.e. Will our ISP relay servers always
    > be allowed?


    From my experience I would say no. Mail bomb protection isn't tied to ACLs.

    --
    Danita
    Novell Knowledge Partner
    Do you have Willem Bagchus' GW 2012 Admin Guide?
    http://www.facebook.com/caledonia.net
  • In article <data5248.605e8o@no-mx.forums.novell.com>, Data5248 wrote:
    > Is there a way to have the GWIA Limit the number of emails and
    > authenticated user can send through the GWIA from there smart phone?
    >

    Not with one GWIA, but having two can help.
    One for just normal inbound mail that will only accept mail from your
    antispam filters, and one for only authenticated users.


    Andy Konecny
    Knowledge Partner (voluntary SysOp)
    KonecnyConsulting.ca in Toronto
    ----------------------------------------------------------------------
    Andy's Profile: http://forums.novell.com/member.php?userid=75037